-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status

1) [ ] Responsive to communication(s) filed on .

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [ ] Claim(s) is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-18 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

DETAILED ACTION



Drawings 



New corrected drawings are required in this application because the submitted drawings 
for Fig. 1 are informal. Applicant is advised to employ the services of a competent patent 
draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new 
drawings. The corrected drawings are required in reply to the Office action to avoid 
abandonment of the application. The requirement for corrected drawings will not be held in 
abeyance. 



Claim Rejections - 35 USC §103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made.

Claims 1-7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Awadallah et
al (6449251 B1) in view of Boden et al (6615357 B1) in further view of Stevens (TCP/IP
Illustrated).

With respect to Claim 1, the limitation:

"a network address translating gateway connecting a LAN to an external
network, said LAN using local IP addresses, said gateway having a local IP address that
can be seen by devices on said LAN and having an external IP address that can be seen
by devices on said external network" is met by Awadallah on column 3, lines 60-67 and
on column 4, lines 1-8; and

"a plurality of internal tables associating combinations of local IP addresses of local 
devices on said LAN, external IP addresses of external devices on said external 
network ... source port addresses, destination port addresses, reserved port addresses, and
maintaining a list of reserved port addresses" is met by Awadallah on column 4, lines 30- 
33 and column 2, lines 26-29; and 

"means for performing normal address translation upon datagrams passing from said 
LAN to said external network and datagrams passing from said external network to said 
LAN" is met by Awadallah on column 3, lines 61-64; and 

"means for delivering a datagram from a local device on said LAN to an external device 
on said external network by receiving a datagram from a local device on said LAN 
intended for delivery to an external device on said external network, and determining 
whether the destination port address for said datagram is included in said list of reserved 
port addresses if said destination port address is not included in said list of reserved port 
addresses, performing normal address translation upon said datagram and passing said 
datagram to said external network for routing and delivery to said external device" is met by
Awadallah on column 3, lines 61-67 and column 4, lines 1-4;

Awadallah et al does not meet the limitation of SPI values, nor does it meet the
limitation of the IP routing procedure.

The SPI-In values and SPI-Out values referred to in the second limitation of Claim 1 are met
by Boden on column 1, lines 55-59. It would have been obvious to one of ordinary skill
in the art at the time the invention was made to combine the teachings of Boden within
the system of Awadallah because SPI values are necessary parameters in a gateway
managed by IPSec to be able to tell multiple connections that use the same protocol apart.
The combination of Awadallah et al and Boden et al does not disclose the IP routing
procedure. This is disclosed by Stevens as discussed below.

The limitation "and if said destination port address is included in said list of reserved 
port addresses, determining whether said destination port address is bound to said local IP 
address of said local device, and if said destination port address is bound to said local IP 
address, performing normal address translation upon said datagram and passing said 
datagram to said external network for routing and delivery to said external device" is met 
by Stevens on Section 3.3, page 37-38, 1st paragraph; and

"and if said destination port address is not bound to said local IP address of said local 
device, modifying said source IP address of said datagram to be said external IP address 
of said gateway, binding said destination port address to said local IP address of said 
local device and creating an association between said destination port address and the 
external IP address of said external device, and passing said datagram to said external 
network for routing and delivery to said external device" is inherent in Stevens in Section 
3.3, page 37-38, 1st paragraph.

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Stevens within the combination of Awadallah and 
Boden to obtain the claimed invention because the IP routing procedure is a basic routing 
procedure performed by a router/gateway to a host that is either within a LAN or that
needs to be reached outside of the LAN through a router/gateway.



With respect to Claim 2, all the limitations are met by the combination of Awadallah and
Stevens except the one described below.

The limitation "wherein the means for delivering a datagram from a local device on said 
LAN to an external device further comprises a means for determining whether said 
datagram is encrypted and, if said datagram is encrypted, for determining whether the 
SPI of said datagram is recorded in the SPI - Out field in said internal table and, if said 
SPI is recorded in said SPI - Out field, modifying the source IP address of said datagram 
to be said external IP address of said gateway and passing said datagram to said external 
network for routing and delivery to said external device" is met inherently by Boden on 
column 1, lines 55-59 and column 3, lines 49-56. It is inherently met by Boden because
the SPI (Security Parameter Index) is an index used within IPSec to keep multiple
connections distinct. If it were absent, two connections to the same gateway using the same
protocol could not be told apart; hence it is necessary for the correct functioning of the
gateway.

It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah et al and Stevens because the usage of SPI values forms a necessary part of 
the IPsec protocol for routing packets through a gateway, or else the gateway would not 
be able to tell multiple connections apart. 

With respect to Claim 3, all the limitations are met by the combination of Awadallah et al and
Stevens except the limitation described below.

The limitation "if said SPI is not recorded in said SPI - Out field of said internal table, means for 
setting the SPI - In field corresponding to the local IP address of said local device equal to zero 
and setting said SPI - Out field equal to said SPI, modifying said source IP address of said 
datagram to be said external IP address of said gateway and passing said datagram to said 
external network for routing and delivery to said external device" is met inherently by Boden on 
column 1, lines 55-59 and column 3, lines 49-56, as explained in the Claim 2 rejection above.

It would have been obvious to combine the teachings of Boden within the combination of
Awadallah et al and Stevens because the usage of SPI values forms a necessary part of the IPsec 
protocol for routing packets through a gateway, or else the gateway would not be able to tell 
multiple connections apart. 

With respect to Claim 4, the limitation "... and if said datagram is not encrypted, 
determining whether the destination port address for said datagram is included in said 
list of reserved port addresses and, if said destination port address is not included in said 
list of reserved port addresses, performing normal address translation upon said 
datagram and passing said datagram to said LAN for delivery to said local device, and if 
said destination port address is included in said list of reserved port addresses. . ." is met 
by Awadallah on column 3, lines 61-67, column 4, lines 1-4. Awadallah does not
meet the limitation involving SPI values. This is however met by Boden as discussed
below.

The limitation "wherein the network address translating gateway further comprises
means for delivering a datagram from said external device to said local device by 
receiving a datagram from said external device on said external network intended for 
delivery to said local device on said LAN, means for determining whether said datagram 
is encrypted and, if said datagram is encrypted, determining whether the datagram's SPI 
is recorded in said SPI - In field of said internal table and, if said SPI is recorded in said 
SPI - In field, modifying the destination IP address of said datagram to be said local IP 
address of said local device and passing said datagram to said LAN for routing and 
delivery to said local device, and if said SPI is not recorded in said SPI- In field of said 
internal table, determining whether said SPI is not recorded in said SPI - In field 
corresponding to said IP address of said external device is equal to zero, and if said SPI 
- In field is not equal to zero, discarding said datagram, and if said SPI - In field is equal 
to zero, setting said SPI - In field equal to said SPI, modifying the destination IP address 
of said datagram to be said local IP address of said local device and passing said 
datagram to said LAN for delivery to said local device. . ." is met inherently by Boden 
on column 1, lines 55-59 and on column 3, lines 49-56. It would have been obvious to 
combine the teachings of Boden within the system of Awadallah because the use of SPI 
values is necessary to the correct operation of a gateway managing multiple 
connections. 

The combination of Awadallah et al and Boden does not meet the limitation of the IP
routing description disclosed below. This limitation is met by Stevens as shown below.

The limitation "determining whether said destination port address is bound to the local
IP address of said local device, if said destination port address is not bound to said local 
IP address, discarding said datagram, and if said destination port address is bound to 
said local IP address, modifying said destination IP address of said datagram to be said 
local IP address of said local device, unbinding said destination port address from said 
local IP address, and passing said datagram to said LAN for delivery to said local 
device" is inherently met by Stevens on Section 3.3, page 37, 38, 1st paragraph. This is
a routine process in IP routing as inherently shown by Stevens.

It would have been obvious to one of ordinary skill in the art to combine the teachings of
Stevens within the combination of Awadallah et al and Boden et al because the IP routing 
procedure is a basic routing procedure performed by a router/gateway to a host that is 
either within a LAN or that needs to be reached outside of the LAN. 

With respect to Claim 5, the limitation "a timer, wherein, upon receiving a signal that a port 
address has become bound to an IP address, said timer will commence timing for a 
predetermined length of time and, upon the expiration of said predetermined length of time, will 
send a signal causing said port address to become unbound from said IP address, and, upon 
receiving a signal indicating that said port address has become unbound from said IP address 
prior to the expiration of said predetermined length of time, said timer will stop timing and will 
reset" is met by Awadallah on column 6, lines 65-67 and column 7, lines 1-4. 

With respect to Claim 6, the limitation "in which said external network is the internet" is met by
Awadallah on column 1, lines 29-31.

With respect to Claim 7, all the limitations are met by the combination of Awadallah and Stevens
except the limitation of the LAN being a VPN.

The limitation "in which said LAN is a virtual private network" is met by Boden on column 1, 
lines 24-25. 

It would have been obvious to combine the teachings of Boden within the combination of 
Awadallah and Stevens because a VPN is a common and well-known form of implementing a 
LAN. 

Claims 8, 10 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Awadallah et al (6449251 B1) in view of Stevens (TCP/IP Illustrated).

With respect to Claim 8, the limitation "maintaining a plurality of tables associating 
local IP addresses of local devices on said LAN, external IP addresses of external 
devices on said external network, port addresses of said local devices, port addresses of 
said external devices, SPI - In values, SPI - Out values, and reserved port addresses, and 
a list of reserved port addresses" is met by Awadallah on column 2, lines 26-29, 62-64 
and on column 4, lines 30-33. 

The limitation "receiving a datagram from said LAN" is met by Awadallah on column 3, 
lines 64-67 and column 4, lines 1-4. 

The limitation "determining whether the destination port address for said datagram is
included in said table of reserved port addresses and, if said destination port address is 
not included in said table of reserved port addresses, performing normal address 
translation upon said datagram and passing said datagram to said external network for 
routing and delivery to said external device" is met by Awadallah on column 3, lines 61- 
67, column 4, lines 1-4. 

Awadallah however does not meet the limitation disclosed below. This is however met 
by Stevens as discussed below. 

The limitation "and if said destination port address is included in said table of reserved 
port addresses, determining whether said destination port address is bound to an IP 
address, and if said destination port is bound to an IP address, performing normal address 
translation upon said datagram and passing said datagram to said external network for 
routing and delivery to said external device, and if said destination port address is not 
bound to an IP address, modifying said source IP address to be said external IP address 
for said external device, binding said destination port address to the local IP address of 
said local device and creating an association between said destination port address and 
said external IP address of said external device, and passing said datagram to said 
external network for routing and delivery to said external device" is inherently met by 
Stevens on Section 3.3 on page 37-38, 1st paragraph.

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Stevens within the system of Awadallah because 
the IP routing procedure is a basic routing procedure performed by a router/gateway to a
host that is either within a LAN or that needs to be reached outside of the LAN. 



With respect to Claim 10, the limitation is the reverse of Claim 8 and hence Claim 8 
rejection stands for Claim 10. 

With respect to Claim 18, the limitation "a machine readable storage, having stored 
thereon a computer program having a plurality of code sections executable by a machine 
and for connecting a LAN to an external network via a network address translating 
gateway, wherein said gateway having a local IP address that can be seen by devices on 
said LAN and having an external IP address that can be seen by devices on said external 
network, and further including a plurality of internal tables associating combinations of 
local IP addresses of local devices on said LAN, external IP addresses of external devices 
on said external network, source port addresses, destination port addresses, reserved port 
addresses, and a list of reserved port addresses, for assisting the machine ..." is met by
Awadallah et al on column 2, lines 26-29, column 3, lines 60-67, column 4, lines 1-8 and 
30-33. 

The limitation "attempting to deliver a datagram from a local device on said LAN to an 
external device on said external network by receiving a datagram from a local device on 
said LAN intended for delivery to an external device on said external network" is met by 
Awadallah on column 3, lines 60-67 and column 4, lines 1-2; and 

The limitation "determining whether the destination port address for said datagram is
included in said list of reserved port addresses and determining whether said destination 
port address is bound to said local IP address of said local device performing normal 
address translation upon said datagram and passing said datagram to said external 
network for routing and delivery to said external device if said destination port address is 
not included in said list of reserved port addresses" is met by Awadallah et al on column 
3, lines 61-67 and column 4, lines 1-4. 

Awadallah et al however does not disclose the limitation discussed below. This however 
is met by Stevens as shown below. 

The limitation "performing normal address translation upon said datagram and passing 
said datagram to said external network for routing and delivery to said external device, if 
said destination port address is included in said list of reserved port addresses and if said 
destination port address is bound to said local IP address; and modifying said source IP 
address of said datagram to be said external IP address of said gateway, binding said 
destination port address to said local IP address of said local device and creating an 
association between said destination port address and the external IP address of said 
external device, and passing said datagram to said external network for routing and 
delivery to said external device if said destination port address is not bound to said local 
IP address of said local device" is met by Stevens on Section 3.3, page 37, 38, 1st
paragraph. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Stevens within the system of Awadallah et al 
because the IP routing procedure is a basic routing procedure performed by a
router/gateway to a host that is either within a LAN or that needs to be reached outside of 
the LAN. 

Claims 9, 11-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Awadallah et al (6449251 B1) in view of Stevens (TCP/IP Illustrated) in further view of Boden
et al (6615357 B1).

With respect to Claim 9, all the limitations are met by the combination of Awadallah and
Stevens except the limitation disclosed below.

The limitation "determining whether said datagram is encrypted and, if said datagram 
is encrypted, determining whether the SPI in said datagram is recorded in the SPI - Out 
field of one of said plurality of internal tables and, if said SPI is recorded in said SPI - 
Out field of said internal table, modifying the source IP address to be the external IP 
address of said gateway and passing said datagram to said external network for routing 
and delivery to said external device, and if said SPI is not recorded in said SPI - Out 
field of said internal table, setting said SPI - Out field corresponding to the IP address 
of said external device equal to said SPI and setting the SPI - In field of said internal 
table to zero, modifying said source IP address to be said external IP address of said 
gateway, and passing said datagram to said external network for routing and delivery 
to said external device" is met inherently by Boden on column 1, lines 55-59 and on 
column 3, lines 49-56. 

It would have been obvious to one of ordinary skill in the art to combine the teachings
of Boden within the combination of Awadallah and Stevens because the use of SPI 
values is necessary to the correct operation of a gateway managing multiple 
connections. 

With respect to Claim 11, all the limitations are met by the combination of Awadallah et
al and Stevens. The limitation disclosed below is met by Boden.

The limitation "determining whether the SPI in said datagram is recorded in the SPI -
In field of one of said plurality of internal tables and, if said SPI is recorded in said 
SPI - In field of said internal table, modifying the destination IP address to be the 
internal IP address of said local device and passing said datagram to said LAN for 
routing and delivery to said local device, and if said SPI is not recorded in said SPI - 
In field of said internal table, determining whether said SPI- In field corresponding to 
the IP address of said external device is zero, and if said SPI -In field is not zero, 
discarding said datagram, and if said SPI - In field is equal to zero, modifying said SPI 
- In field to be said SPI, modifying said destination IP address to be said local IP 
address of said local device, and passing said datagram to said LAN for routing and 
delivery to said local device" is inherently met by Boden in column 1, lines 55-59 and 
in column 3, lines 49-56.

It would have been obvious to one of ordinary skill in the art at the time the invention
was made to combine the teachings of Boden within the combination of Awadallah and
Stevens because the use of SPI values is necessary to the correct operation of a gateway
managing multiple connections. 
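
As an added illustration (not code from the application, the cited references, or this Office action), the outbound and inbound SPI handling quoted in the Claim 2, 3, 4, 9 and 11 limitations can be modeled as follows. The class and field names, the sample addresses, the choice of the oldest pending entry when several exist, and the drop of SPI 0 are assumptions of this model.

```python
from dataclasses import dataclass
from typing import List, Optional

GATEWAY_EXTERNAL_IP = "203.0.113.1"  # constructed address (documentation range)


@dataclass
class SpiEntry:
    local_ip: str     # local device on the LAN
    external_ip: str  # external device it is talking to
    spi_out: int      # SPI seen on the local device's outbound datagrams
    spi_in: int = 0   # 0 means "reply SPI not learned yet"


@dataclass
class Datagram:
    src: str
    dst: str
    spi: int          # SPI carried by an encrypted datagram


class SpiTable:
    """Hypothetical model of the SPI-Out / SPI-In table in the quoted claims."""

    def __init__(self) -> None:
        self.entries: List[SpiEntry] = []

    def outbound(self, d: Datagram) -> Datagram:
        # Claims 2, 3, 9: if the SPI is not yet in an SPI-Out field, record it
        # and set SPI-In to zero; in both cases rewrite the source address.
        if not any(e.spi_out == d.spi for e in self.entries):
            self.entries.append(SpiEntry(d.src, d.dst, spi_out=d.spi, spi_in=0))
        return Datagram(GATEWAY_EXTERNAL_IP, d.dst, d.spi)

    def inbound(self, d: Datagram) -> Optional[Datagram]:
        # Assumption: SPI 0 is reserved (RFC 4303) and would collide with the
        # "not learned yet" marker, so it is dropped before any lookup.
        if d.spi == 0:
            return None
        # Claims 4, 11: SPI already recorded in an SPI-In field -> deliver.
        for e in self.entries:
            if e.spi_in == d.spi:
                return Datagram(d.src, e.local_ip, d.spi)
        # Not recorded: only an entry for this external device whose SPI-In is
        # still zero may learn it. The quoted text does not say which entry to
        # pick when several are pending; this model takes the oldest.
        for e in self.entries:
            if e.external_ip == d.src and e.spi_in == 0:
                e.spi_in = d.spi
                return Datagram(d.src, e.local_ip, d.spi)
        return None  # SPI-In field not zero (or no entry): discard


def demo() -> List[str]:
    """Run a constructed exchange; return the delivery decision per inbound datagram."""
    peer, stranger = "198.51.100.7", "198.51.100.99"  # constructed addresses
    table = SpiTable()
    table.outbound(Datagram("192.168.1.10", peer, 0x1001))
    table.outbound(Datagram("192.168.1.20", peer, 0x1002))
    inbound = [
        Datagram(stranger, GATEWAY_EXTERNAL_IP, 0x9999),  # no entry for this sender
        Datagram(peer, GATEWAY_EXTERNAL_IP, 0x2001),      # learned by first pending entry
        Datagram(peer, GATEWAY_EXTERNAL_IP, 0x2002),      # learned by second pending entry
        Datagram(peer, GATEWAY_EXTERNAL_IP, 0x2003),      # nothing pending any more
        Datagram(peer, GATEWAY_EXTERNAL_IP, 0x2001),      # already recorded
    ]
    results = []
    for d in inbound:
        out = table.inbound(d)
        results.append(out.dst if out else "discard")
    return results


if __name__ == "__main__":
    print(demo())
```
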

With respect to Claim 12, the limitation "the steps of starting a timer whenever said 
destination port address becomes bound to said local IP address of said local device, 
resetting said timer whenever said destination port address has become released,
and sending a signal whenever said timer is active and a predetermined length of time 
has expired from the time said timer was started" is met by Awadallah et al on 
column 6, lines 65-67 and column 7, lines 1-4. 

With respect to Claim 13, the limitation is the exact same limitation as Claim 12 and 
hence Claim 12 rejection holds. 

With respect to Claim 14, the limitation "in which said external network is the 
internet" is met by Awadallah on column 1, lines 29-31. 

With respect to Claims 15, 16 and 17, all the limitations are met by the combination of
Awadallah and Stevens.

The limitation "in which said LAN is a virtual private network" is met by Boden on 
column 1, lines 24-25. 

It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Boden within the combination of Awadallah 
and Stevens because a VPN is a well-known form of implementation of a LAN in the
art. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tracey Akpati whose telephone number is 703-305-7820. The 
examiner can normally be reached on 8.30am-6.00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 703-305-4393. The fax phone numbers for the 
organization where this application or proceeding is assigned are 703-746-7240 for regular 
communications and 703-746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



OTA 

January 8, 2004 




LYV.HUA 
PRIMARY EXAMINER 



